On Tuesday, Google announced the stable channel release of Chrome 116, which includes fixes for 26 vulnerabilities, 21 of which were discovered by outside researchers. Eight of the externally reported bugs were given a severity rating of "high," with memory safety problems making up the majority of them.
Judging by the bug bounty paid out, the most significant of these is CVE-2023-2312, a use-after-free flaw in the Offline component. According to Google's advisory, the reporting researcher received a $30,000 reward for the discovery. Next are CVE-2023-4349, a use-after-free flaw in Device Trust Connectors; CVE-2023-4350, an improper implementation in Fullscreen; and CVE-2023-4351, a use-after-free flaw in Network, for which Google paid bounties of $5,000, $3,000, and $2,000, respectively.